Google Blogoscoped

Forum

VUPEN Security Team Cracks Google Chrome's Sandbox

mbegin [PersonRank 10]

Wednesday, May 11, 2011
8 years ago5,347 views

<< We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox.

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

The video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP. >>

+ Show video



vupen.com/demos/VUPEN_Pwning_C ...

Juha-Matti Laurio [PersonRank 10]

8 years ago #

Thanks for sharing, I was in process to share yesterday :)
Also
zdnet.com/blog/security/google ...

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!